Minikube: Exemplo com Autenticação: Difference between revisions
(Criou a página com "1) Levantando o Minikube minikube start --extra-config=controller-manager.ClusterSigningCertFile="/var/lib/localkube/certs/ca.crt" \ --extra-config=controller-manager.C...") |
No edit summary |
||
| Line 53: | Line 53: | ||
client-key: /Users/ebasso/.minikube/client.key | client-key: /Users/ebasso/.minikube/client.key | ||
</nowiki> | </nowiki> | ||
) Criando uma namespace | |||
kubectl create namespace lfs158 | |||
) | |||
cd | |||
mkdir .rbac | |||
cd .rbac | |||
openssl genrsa -out ebasso.key 2048 | |||
openssl req -new -key ebasso.key -out ebasso.csr -subj "/CN=ebasso/O=company"\n | |||
) | |||
cat ebasso.csr | base64 - | |||
Resultado | |||
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV | |||
... | |||
0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= | |||
<nowiki> | |||
cat > signing-request.yml << EOF | |||
apiVersion: certificates.k8s.io/v1beta1 | |||
kind: CertificateSigningRequest | |||
metadata: | |||
name: ebasso-csr | |||
spec: | |||
groups: | |||
- system:authenticated | |||
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV | |||
... | |||
0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= | |||
usages: | |||
- digital signature | |||
- key encipherment | |||
- client auth | |||
EOF | |||
</nowiki> | |||
) | |||
kubectl create -f signing-request.yml | |||
= Ver também = | = Ver também = | ||
Revision as of 00:42, 26 February 2019
1) Levantando o Minikube
minikube start --extra-config=controller-manager.ClusterSigningCertFile="/var/lib/localkube/certs/ca.crt" \ --extra-config=controller-manager.ClusterSigningKeyFile="/var/lib/localkube/certs/ca.key" \ --extra-config=apiserver.authorization-mode=RBAC
Resultado:
😄 minikube v0.34.1 on darwin (amd64)
💡 Tip: Use 'minikube start -p <name>' to create a new cluster, or 'minikube delete' to delete this one.
🏃 Re-using the currently running virtualbox VM for "minikube" ...
⌛ Waiting for SSH access ...
📶 "minikube" IP address is 192.168.99.100
🐳 Configuring Docker as the container runtime ...
✨ Preparing Kubernetes environment ...
▪ controller-manager.ClusterSigningCertFile=/var/lib/localkube/certs/ca.crt
▪ controller-manager.ClusterSigningKeyFile=/var/lib/localkube/certs/ca.key
▪ apiserver.authorization-mode=RBAC
🚜 Pulling images required by Kubernetes v1.13.3 ...
🔄 Relaunching Kubernetes v1.13.3 using kubeadm ...
⌛ Waiting for kube-proxy to come back up ...
🤔 Verifying component health .....
💗 kubectl is now configured to use "minikube"
🏄 Done! Thank you for using minikube!
2) Verificando a configuração, executando o comando:
kubectl config view
Resultado:
apiVersion: v1
clusters:
- cluster:
certificate-authority: /Users/ebasso/.minikube/ca.crt
server: https://192.168.99.100:8443
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /Users/ebasso/.minikube/client.crt
client-key: /Users/ebasso/.minikube/client.key
) Criando uma namespace
kubectl create namespace lfs158
)
cd mkdir .rbac cd .rbac openssl genrsa -out ebasso.key 2048 openssl req -new -key ebasso.key -out ebasso.csr -subj "/CN=ebasso/O=company"\n
)
cat ebasso.csr | base64 -
Resultado
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV ... 0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
cat > signing-request.yml << EOF
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: ebasso-csr
spec:
groups:
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2FUQ0NBVkVDQVFBd0pERVBNQTBHQTFVRUF3d0daV0poYzNOdk1SRXdEd1lEVlFRS0RBaGpiMjF3WV
...
0YKcnFEOVB0T0UvVVRLRjB1U3h5cGlLaEs3a2VZNHNSdnJaUlBVVmdBRGx1NXp1aWRqajdnQmtBdzlJQ1dHCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
usages:
- digital signature
- key encipherment
- client auth
EOF
)
kubectl create -f signing-request.yml